Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7036 matches found

Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.8 views

PT-2026-43396

Name of the Vulnerable Software and Affected Versions MaxKB versions prior to 2.8.1 Description An issue exists in the OSS file service URL fetch endpoint "chat/api/oss/get url" where inconsistent URL parsing between the urlparse validation function and the requests HTTP client allows for a...

6.3CVSS5.8AI score0.00049EPSS
Exploits0References3
Redos
Redosadded 2026/05/26 12:0 a.m.10 views

ROS-20260526-73-0014

Vulnerability in registry related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an ssrf attack...

7.5CVSS5.8AI score0.00055EPSS
Exploits1
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.6 views

PT-2026-43278

IBM webMethods Integration on prem -Integration Server 10.15 through IS 10.15 Core Fix2611.1 to IS 11.1 Core Fix10 IBM webMethods Integration is vulnerable to server-side request forgery SSRF. This may allow an authenticated attacker to send unauthorized requests from the system, potentially...

5.4CVSS5.8AI score0.00027EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/05/25 11:11 p.m.11 views

CVE-2026-41682

A flaw was found in pupnp, an SDK for developing Universal Plug and Play UPnP applications. This vulnerability, known as Server-Side Request Forgery SSRF, arises from port truncation in the parseuri function. A remote attacker can exploit this flaw to confuse port assignments, potentially enablin...

6.9CVSS5.7AI score0.00016EPSS
Exploits0References2
NVD
NVDadded 2026/05/25 9:16 p.m.8 views

CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS0.00119EPSS
Exploits0References2
UbuntuCve
UbuntuCveadded 2026/05/25 9:16 p.m.6 views

CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS5.9AI score0.00119EPSS
Exploits0References4
OSV
OSVadded 2026/05/25 9:16 p.m.2 views

UBUNTU-CVE-2026-44598

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.4CVSS5.9AI score0.00119EPSS
Exploits0References5
CVE
CVEadded 2026/05/25 8:19 p.m.20 views

CVE-2026-44598

Apache Shiro Jakarta EE module contains an open redirect and SSRF vulnerability (CVE-2026-44598) that affects Shiro 2.0-alpha through 2.1.0 and 3.0.0-alpha-1 when using the shiro-jakarta-ee integration. After login, the shiroSavedRequest cookie can be forged and used to redirect the server to an ...

5.4CVSS5.9AI score0.00119EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/25 8:19 p.m.5 views

CVE-2026-44598 Apache Shiro Jakarta EE module: Open redirect and SSRF (requires valid credentials)

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.1CVSS5.9AI score0.00119EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/25 8:19 p.m.6 views

EUVD-2026-31739

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.1CVSS5.9AI score0.00119EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/25 8:19 p.m.19 views

CVE-2026-44598 Apache Shiro Jakarta EE module: Open redirect and SSRF (requires valid credentials)

With valid login credentials, URL Redirection to Untrusted Site 'Open Redirect', Server-Side Request Forgery SSRF vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration module. Users are recommended t...

5.1CVSS0.00119EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/25 7:11 p.m.5 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS5.8AI score0.0004EPSS
Exploits0References5
NVD
NVDadded 2026/05/25 3:16 p.m.11 views

CVE-2026-9464

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

5.8CVSS0.00043EPSS
Exploits0References4
NVD
NVDadded 2026/05/25 3:16 p.m.17 views

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS0.00014EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.6 views

CVE-2026-47076

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS5.8AI score0.00014EPSS
Exploits1References5Affected Software1
EUVD
EUVDadded 2026/05/25 2:0 p.m.8 views

EUVD-2026-31689

Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackneyurl:normalize/2 URL-decodes the host component after the URL has been parsed into a hackneyurl record. OTP's uristring:parse/1 and inet:parseaddress/1 do not decode percent-escapes in the host, so ...

6.9CVSS5.8AI score0.00014EPSS
Exploits1References4
CVE
CVEadded 2026/05/25 2:0 p.m.33 views

CVE-2026-47076

CVE-2026-47076 affects the hackney HTTP client (from 0.13.0 up to, but not including, 4.0.1). The issue1 arises because hackney_url:normalize/2 decodes the host after parsing, while OTP’s uri_string:parse/1 and inet:parse_address/1 do not decode percent-escapes, allowing a crafted URL such as htt...

6.9CVSS5.8AI score0.00014EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/25 2:0 p.m.6 views

CVE-2026-9464

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

5.8CVSS5.4AI score0.00043EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/25 2:0 p.m.7 views

CVE-2026-9464 YunaiV yudao-cloud Admin API Endpoint create IotDataSinkHttpConfig server-side request forgery

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

5.8CVSS5.4AI score0.00043EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/25 2:0 p.m.7 views

EUVD-2026-31684

A vulnerability has been found in YunaiV yudao-cloud 2026.03. This affects the function IotDataSinkHttpConfig of the file /admin-api/iot/data-sink/create of the component Admin API Endpoint. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit h...

5.8CVSS5.4AI score0.00043EPSS
Exploits0References4
Rows per page
Query Builder